Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
(ConfigMgr) provides a comprehensive solution for change and configuration management for the Microsoft platform, enabling organizations to provide relevant software and updates to users quickly and cost-effectively.
Other Information
MS SCCM 2007 Certification paper 70-401
SCCM Components
The SCCM Site Primary Site Secondary Site Parent Site Child Site Central Site
A site consists of
Site System
A site system is any computer running a supported
version of Microsoft Windows or a shared folder that hosts one or more site system roles.
Description The role assigned to the server on which Configuration Manager 2007 Setup has been run successfully.
Required?
Site server
Yes. Every site must have exactly one site server role.
The role assigned to the computer running Microsoft SQL Server and hosting the Configuration Manager 2007 site database. You can use only Microsoft SQL Server 2005, Standard or Enterprise Edition, to host the site database. SQL Server 2005 Express is not a supported SQL Server 2005 version for hosting the site database.
Every primary site requires a site database server role, but secondary sites do not require them.
Configuration Manager console Any computer running the Configuration Manager console.
No. The Configuration Manager console is automatically installed by default on primary site servers during Setup. You can install additional Configuration Manager consoles on remote computersfor example, the workstation of the Configuration Manager administrator. However, some organizations write their own user interface using the Configuration Manager software developer kit (SDK) and never use the Configuration Manager console.
The Configuration Manager console does not access the database directly, but instead uses Windows Management Instrumentation (WMI) as an intermediary layer. The SMS Provider is the Yes, for primary sites. When you install a primary site, you select which computer will host the WMI Provider for Configuration Manager. SMS Providerusually, it's the site server or the site database server. Any computer hosting a Configuration Manager 2007 site role that requires installing special Configuration Manager 2007 services. The only site system role that does not require the installation of a special Configuration Manager 2007 service is the distribution point. Required for the following features: software distribution, software updates, and advertised task sequences used in operating system deployment.
Component server
Distribution point
A site system role that gathers state messages from clients that cannot install properly, cannot assign to a Configuration Manager 2007 site, or cannot communicate securely with their assigned management point.
Management point
The site system role that serves as the primary point of contact between Configuration Manager Every site with intranet clients must have one default management point, though the default 2007 clients and the Configuration Manager 2007 site server. management point might be a cluster of several site systems configured as management points.
A site system role that has been configured to respond to and initiate operating system deployments from computers whose network interface card is configured to allow PXE boot requests.
Required only for operating system deployment using PXE boot requests.
Description
Required? Required only to use the reporting feature. Reports are often helpful when diagnosing client issues.
Reporting point
A site system role hosts the Report Viewer component for Web-based reporting functionality.
A site system role that locates management points for Configuration Manager 2007 clients. A site system role assigned to a computer running Microsoft Windows Server Update Services (WSUS). A site system role that stores user state data while a computer is being migrated to a new operating system.
The site system role assigned to a computer running Network Policy Service. A site role that is used to connect to System Center Online to manage Asset Intelligence catalog information updates. A site system role that discovers, provisions, and manages desktop computers that have management controllers (such as AMT-based computers).
Required only for the Configuration Manager 2007 Network Access Protection feature. Required only to synchronize the local Asset Intelligence catalog with System Center Online by Microsoft SA license customers.
Required only if you want to use SQL Reporting Services to report Configuration Manager 2007 R2 data. Integrating Configuration Manager 2007 R2 reports with SQL Reporting Services provides a richer reporting experience. However, the reporting point still works and does not require SQL Reporting Services or a Reporting Services point.
Although the client status reporting host system site system role is not actually a site system configured in the Configuration Manager console, it is a role that can be added to a client or server computer to report back to the site server about the client computers it monitors.
Types of Sites
Primary Sites : The first Configuration Manager 2007 site you
install must be a primary site. A primary site stores Configuration Manager 2007 data for itself and all the sites beneath it in a SQL Server database.
Manager 2007 site database. The secondary site forwards the information it gathers from Configuration Manager 2007 clients, such as computer inventory data and Configuration Manager 2007 system status information, to its parent site. The advantages of using secondary sites are that they do not require any additional Configuration Manager 2007 server license and do not incur the overhead of maintaining an additional database.
Parent Sites
A parent site is a primary site that has one or more
sites attached to it in the hierarchy. Only a primary site can have child sites. A secondary site is always a child site. A parent site contains pertinent information about its lower level sites, such as computer inventory data and Configuration Manager 2007 system status information, and it can control many operations at the child sites.
Child Sites
A child site is a site that is attached to a site above it in
the hierarchy. The site it reports to is its parent site. A child site can have only one parent site. Configuration Manager 2007 copies all the data that is collected at a child site to its parent site. A child site is either a primary site or a secondary site.
Central Site
A central site has no parent site. Typically, a central site
has child and grandchild sites and aggregates all of their client information to provide centralized management and reporting. A site with no parent and no child site is still called a central site although it is also referred to as a stand-alone site.
Feature Packs but are now incorporated into the core product: Mobile device management
Operating system deployment
Transfer site settings wizard
function very much as they did in SMS 2003: The administrator console
Collections Software distribution Software metering Remote tools
minor changes:
Discovery
Inventory
Queries Reporting
Application Virtualization. For more information, About Virtual Application PackagesAbout Virtual Application Packages. Forefront Client Security Integration. For more information, see About Forefront Client Security Integration with Configuration Manager 2007 R2. SQL Reporting Services Reporting. Allows you to report on Configuration Manager activity using SQL Reporting Services. Client Status Reporting. Provides a set of tools and Configuration Manager 2007 reports to assess the status of client computers, sometimes referred to as "client health." Clients that show a change in activity patterns might need administrative intervention. Operating System Deployment Enhancements. The following enhancements are included in Configuration Manager 2007 R2:
Unknown computer supportIn Configuration Manager 2007 R2, you can deploy operating systems to computers using a PXE service point without first adding the computer to the Configuration Manager database. For more information, see About Unknown Computer Support for Operating System Deployment.
Multicast deploymentPreviously, all operating system deployments used unicast. Multicast can make more efficient use of network bandwidth when deploying large images to several computers at the same time. For more information, see About Multicast for Operating System Deployment.
Running command lines in task sequences with credentials other than the local system account.
The administrator console Collections Inventory Queries Reporting Software distribution Software updates Software metering Mobile Device management Operating system deployment Desired configuration management Remote tools Network Access Protection Wake On LAN Out of band management
Supported Platforms
Admin Console
The Configuration Manager 2007 console is the most
common way that Configuration Manager administrators use Configuration Manager 2007, although some organizations use the Software Development Kit (SDK) to build custom user interfaces and many administrators use scripting to manage repetitive tasks more efficiently. You can run the console from the site server or install additional consoles on your desktop or help desk computers to facilitate management. One console can manage many sites or many consoles can manage a single site.
Collections
Collections represent groups of resources and can
consist not only of computers, but also of Microsoft Windows users and user groups as well as other discovered resources. Collections provide you with the means to organize resources into easily manageable units, enabling you to create an organized structure that logically represents the kinds of tasks that you want to perform. Collection membership can be either direct or query based
Inventory
hardware and software on Configuration Manager
2007 clients Hardware inventory gives you system information (such as available disk space, processor type, and operating system) about each computer. You can configure the information returned in hardware inventory by modifying the SMS_def.mof file. Software inventory agent gives you information such as inventoried file types and versions present on client computers
Queries
The query feature in Configuration Manager 2007 uses
WBEM query language (WQL) to query the site database. Query results are returned in the Configuration Manager 2007 console, where they can be exported using the MMC export list feature. Queries can also be used to create collections of resources that meet the query criteria.
Reporting
Reporting is a supporting feature to many other
Configuration Manager 2007 features. Reports are returned in Web pages in the browser. Programming is not required, but knowledge about creating SQL queries is extremely helpful.
Software distribution
Software distribution allows you to push just about
anything to a client computer. Packages in software distribution can contain source files to deploy software applications and commands called programs that tell the client what executable file to run.
Software updates
The software updates feature provides a set of tools
and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise.
Software metering
Software metering enables you to collect and report software program usage data. The data provided by these reports can be used by many groups within the organization such as IT and corporate purchasing.
Manager 2007 clients. Mobile clients can run a subset of Configuration Manager 2007 features such as inventory and software distribution, but cannot be managed by remote control and cannot receive operating system deployments like desktop clients.
Provide a secure operating system deployment environment. Assist with managing the cost of deploying images by allowing one image to work with different computer hardware configurations. Assist with unifying deployment strategies to help provide a solid deployment foundation for future operating system deployment methods.
Remote tools
Remote tools in Configuration Manager 2007 includes
the remote control feature which allows an operator with sufficient access rights the ability to remotely administer client computers in the Configuration Manager 2007 site hierarchy. You can use remote control to troubleshoot problems on client computers and to provide remote help desk support where access to the user's computer is necessary.
built into the Windows Vista and Windows Server 2008 operating systems that helps you to better protect network assets by enforcing compliance with system health requirements. You can configure DHCP Enforcement, VPN Enforcement, 802.1X Enforcement, IPSec Enforcement, or all four, depending on your network needs.
Network Access Protection in Configuration Manager 2007 works with
Wake On LAN
Windows Network Policy Server (NPS) on Windows Server 2008, to enforce software update compliance through client remediation.
Wake On LAN
The Wake On LAN feature helps to achieve a higher success rate for scheduled Configuration Manager 2007 activities, reducing associated network traffic during business hours, and helps organizations to conserve power by not requiring computers to be left on for maintenance outside business hours. Wake On LAN in Configuration Manager 2007 supports the following scenarios:
Sending a wake-up transmission prior to the configured deadline for a
Applies only to Configuration Manager 2007 SP1 The out of band management feature in Configuration Manager 2007 SP1 provides powerful management control for computers that have the Intel vPro chip set and Intel Active Management Technology (Intel AMT) firmware versions 3.2 or later. Out of band management requires a Microsoft public key infrastructure (PKI) and supports the following scenarios: Powering on one or many computers (for example, for maintenance on computers outside business hours).
Powering off one or many computers (for example, the operating system stops responding). Restarting a nonfunctioning computer or booting from a locally connected device or known good boot image file. Re-imaging a computer by booting from a boot image file that is located on the network or by using a PXE server.
Reconfiguring the BIOS settings on a selected computer (and bypassing the BIOS password if this is supported by the BIOS manufacturer).
Booting to a command-based operating system to run commands, repair utilities, or diagnostic applications (for example, upgrading the firmware or running a disk repair utility). Configuring scheduled software update deployments and advertisements to wake up computers prior to running.
Site Operations
Client Deployment Logs
Server Recovery ( Backup / Recovery) Routine Maintenance
Status Message
State Message
On computers that serve as management points, the client logs are located in the SMS_CCM\Logs folder.
On all other computers, the client log files are located in the %Windir%\System32\CCM\Logs folder or the %Windir%\SysWOW64\CCM\Logs.
Description
CAS
CcmExec.log
Records activities of the client and the SMS Agent Host service.
Maintains certificates for Active Directory directory service and management points. Creates and maintains the client GUID. Site assignment tasks.
ContentTransferManager.log
Schedules the Background Intelligent Transfer Service (BITS) or the Server Message Block (SMB) to download or to access SMS packages.
DataTransferService.log Execmgr.log FileBITS.log Fsinvprovider.log (renamed to FileSystemFile.log in all SMS 2003 Service Packs)
Records all BITS communication for policy or package access. Records advertisements that run. Records all SMB package access tasks.
Windows Management Instrumentation (WMI) provider for software inventory and file collection.
Creates discovery data records (DDRs) and hardware and software inventory records. Finds management points and distribution points. The WMI provider for .MIF files. Monitors all software metering processes.
Requests policies by using the Data Transfer service. Records policy changes. Records new policy settings.
RemoteControl.log Scheduler.log
Logs when the remote control component (WUSER32) starts. Records schedule tasks for all client operations.
Smscliui.log
StatusAgent.log
SWMTRReportGen.log
Generates a usage data report that is collected by the metering agent. (This data is logged in Mtrmgr.log.)
recoverability in case of unexpected events. Backing up a Configuration Manager 2007 site involves backing up the database, the file system, and the registry all at the same point in time - backing up just one of these elements is not sufficient to restore a working site. Configuration Manager 2007 uses the Volume Shadow Copy Service (VSS) to take small, frequent snapshots of the necessary components, making it easier to restore a failed site.
Routine Maintenance
Routine monitoring operations for the site consist
primarily of checking status messages, file backlogs, and key log files. Some database tasks are automated and configurable in the Configuration Manager console.
Status Message
Informational and success status messages indicate
that the site is performing as expected. Error and Warning status messages indicate that problems exist. The status messages often contain troubleshooting information like possible causes and solutions
State Message
Which are different than status messages, to track the
current state of some site operations. Unlike status messages, there is no viewer for state messages. All state messages are viewed using reports.
Software Metering
Remote tools Software distribution
Patch management
Reporting
Client Deployment
Configuration Manager 2007 provides several options for installing the client software.
Client Computer Installation Method Description Uses the Automatic Update configuration of a client to direct the client computer to a WSUS computer configured as a Configuration Manager 2007 software update point. The client computer installs the Configuration Manager 2007 client software as though it was a software update. Uses an account with administrative rights to access the client computers and install the Configuration Manager 2007 client software. This method requires File and Print sharing and the related ports to be enabled on the client computer. A user with administrative rights can install the client software by running CCMSetup on the client computer. A variety of switches modify the installation options. Uses Group Policy software installation to install CCMSetup.msi. The client software can be added to an image, including images created and deployed with Configuration Manager 2007 operating system deployment. Existing clients can be upgraded or redeployed using Configuration Manager 2007 software distribution.
Imaging
Software Distribution
Discovery Methods
Adding clients and resources to the site
Discovery Methods
Six methods of discovery are available in Configuration Manager 2007:
Network Discovery
Heartbeat Discovery
Active Directory System Group Discovery Active Directory Security Group Discovery Active Directory System Discovery Active Directory User Discovery
Network Discovery
as it's the most generalized form of discovery. It allows
Configuration Manager 2007 to perform a broad search of your network by checking the DHCP leases, looking at routers' Address Resolution Protocol (ARP) caches, or looking for SNMP)-enabled devices in a community. Because of the broad spectrum of resources connected to your network, network discovery is also likely to find resources such as printers that are not capable of becoming Configuration Manager 2007 clients.
Heartbeat Discovery
Configuration Manager 2007 also uses Heartbeat
Discovery, but instead of it being used to create new database records, it is used to keep existing records up to date. Heartbeat Discovery is the only configurable discovery method that is automatically enabled when Configuration Manager 2007 is installed.
Heartbeat Discovery updates existing DDRs rather
than creating new ones. By default, it generates an updated DDR for each client every seven days, although this timing is configurable.
Manager clients according to the schedule you specify. With this method enabled, the Client Component Installation Manager (CCIM) on the client causes the Cliex32.dll to generate a DDR, which is then written to the management point. This file is the same size as a normal DDR (approximately 1 KB per client), and so it will generate approximately the same network traffic.
with Active Directory to locate resources such as computer accounts, user accounts, system groups, and security groups already existing in your accounts database.
DDR Record
creates records in the Configuration Manager database. This record is called a data discovery record (DDR) and the file generated has a .DDR extension.
include data such as the NetBIOS name of a computer,
IP address and IP subnet of a computer or device, operating system, MAC address, and so on. Depending on the discovery method used, resource DDRs are periodically regenerated to keep the discovery data up to date
OS deployment
Troubleshooting